I have read quite a few posts about preventing account password takeover from various malicious ways, and many OPSEC measures are there to prevent it from happening.

Consider a case where you face a total blackout or technical failure. Now, you need to log in to your password manager, which requires either OTP on email or TOTP. You don’t have access to the TOTP app because the backup is stored in cloud storage, whose email login also requires OTP.

How would you prevent such from happening? I haven’t found a satisfactory solution or explanation for that yet.

  • baritone_edge@lemmy.ml
    3 months ago

    I almost did this to myself. I actually set it up this way, but realized my mistake before logging out of anything so I just disabled it and set it up differently.

    I have multiple old phones that I’ve taken apart and removed the antennas, cameras, and mics from so they can’t connect to anything even if you wanted to. I store extra copies of my 2FA there, I committed to memory the password to my hard drive and password vaults, set up recovery codes, and printed out the information that was too important to lose. Saved the information in a file and encrypted it to two USB drives with passwords I know I know. And created copies of the password vault in several offline locations. Much better setup with idiot-proof redundancy.
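
Added example, not part of the thread: a small lockout audit that models the circular dependency from the question as a graph and checks what can still be opened from what survives offline. The item names are hypothetical, and the rule that the email password lives in the vault is an assumption, not something the post states.

```python
"""Lockout audit: which accounts can still be opened from what survives offline?"""

# Constructed model of the original post's scenario. Each item maps to a list
# of alternative requirement sets: any ONE set, held in full, unlocks the item.
RULES = {
    "password_manager": [{"master_password", "email_otp"},
                         {"master_password", "totp_code"}],
    "email_otp":        [{"email_inbox"}],
    "email_inbox":      [{"password_manager", "totp_code"}],  # assumption: email password is in the vault
    "totp_code":        [{"totp_backup"}],
    "totp_backup":      [{"cloud_storage"}],
    "cloud_storage":    [{"email_otp"}],
}

# Extra unlock paths matching the reply's offline copies (names are hypothetical).
OFFLINE_PATHS = {
    "totp_code":        [{"offline_phone"}],
    "password_manager": [{"master_password", "usb_vault_copy"}],
    "email_inbox":      [{"printed_recovery_codes"}],
}


def merge(base, extra):
    """Return a new rule set with the extra alternatives appended."""
    out = {item: list(alts) for item, alts in base.items()}
    for item, alts in extra.items():
        out.setdefault(item, []).extend(alts)
    return out


def reachable(rules, held):
    """Fixed point: keep unlocking items until a full pass adds nothing."""
    have = set(held)
    changed = True
    while changed:
        changed = False
        for item, alternatives in rules.items():
            if item not in have and any(req <= have for req in alternatives):
                have.add(item)
                changed = True
    return have


def locked_out(rules, held):
    """Items that no chain of requirements can reach from `held`."""
    return sorted(set(rules) - reachable(rules, held))


if __name__ == "__main__":
    print("after blackout:", locked_out(RULES, {"master_password"}))
    hardened = merge(RULES, OFFLINE_PATHS)
    print("with offline phone:", locked_out(hardened, {"master_password", "offline_phone"}))
```

With only the memorized master password every item stays locked, because each requirement chain loops back on itself; one factor held outside the loop is enough to break it.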